Aiming to the existing problem of the powerless, high false negative rate, low detection efficiency and the lack of the rule base automatic extension mechanism to unknown aggressive behavior for existing detection mechanisms, combining the rel-evant knowledge of data mining technology, this paper designs one improved network intrusion detection system model based on data mining, combining misuse detection and anomaly detection. The model selects the K-means algorithm in clustering analysis and the Apriori algorithm in association rule mining and improves it. It applies the improved K-means algorithm to achieving normal behavior classes and data separation module, then utilizes the improved Apriori algorithm to achieve automatic extension of the rule base. By the experiment it verifies the function of the two algorithms.%针对已有检测机制存在的对于未知攻击行为无能为力、漏报率较高、检测效率低以及缺少规则库自动扩充机制等问题,结合数据挖掘技术的相关知识,设计了基于数据挖掘的改进网络入侵检测系统模型。模型中选取聚类分析K-means算法和关联规则挖掘Apriori算法,并对其进行改进。用改进的K-means算法实现正常行为类及数据分离模块,用改进Apriori算法实现规则库的自动扩充功能,并通过实验验证了两个算法的功能。
展开▼